attack.t1027.010 | Detection.FYI

Potential Obfuscated Ordinal Call Via Rundll32

Feb 25, 2025 · attack.defense-evasion attack.t1027.010 ·
Share on:

Detects execution of "rundll32" with potential obfuscated ordinal calls

Read More
Gamarue Rundll32.exe Long Commandlines

Mar 26, 2024 · attack.defense_evasion attack.t1027 attack.t1027.010 ·
Share on:

Fortunately for defenders, Gamarue is detectable with endpoint telemetry. The majority of Gamarue activity we see involves rundll32.exe executing with unusual command lines that include long filenames with repeating characters and random function names. Part of the RedCanary 2024 Threat Detection Report.

Read More